The bug has been fixed by caching the pwd->ps_uid at the start of the function and using the test against that. Also note that the bug behavior changed at some point as the UID changed from 529288 to 0. Suggests a buffer overrun, endianness or thread issues.

Here is the modified check_user_amandahosts() security-util.c (don't forget to modify the top of the file to enable secprintf().

Consultancy

I am happy to discuss any of the topics or tools listed here for free, however if you want something done that will take a long time then I would be pleased to do some consultancy for you. Email me on matthew@swabey.org. If you are curious about my background and experience feel free to check my CV.

About Me

Boring but Important:

The views expressed on this website are my own and do not represent either the School of Electrical and Computer Engineering or the University of Purdue.

All items posted are done so in good faith in the hopes of being useful to people using the tools or technologies legally. If you feel any information here is objectionable or reveals important information please contact me to discuss having it modified or removed.